Black Hat Windows Security 2003
Trainiing

Note: if the class is overfilled, then you will be wait-listed. You will be contacted should this occur.

training

Windows 2003 Training
February 24-25 2003
Seattle Sheraton Hotel & Towers

All course materials, lunch and two coffee breaks will be provided.
You must provide your own laptop.
A Certificate of Completion will be offered to students completing the course.

Course Length: 2 days

Cost: US $1600 before January 15, 2003 or US $1800 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.

REGISTER NOW!

course description
Two Day Course
Mon, Feb 24 thru Tuesday, Feb 25
Forensics Tools and Processes for Windows XP Platforms®
Larry Leibrock, Ph.D., Associate Dean & Technology Officer for the McCombs Business School, University of Texas
What to bring:

Prospective students should bring to the class meetings a notebook running Windows XP professional version. You should have about 300-500 MB available in a separate partition. Two CD’s containing tool sets and forensics images will be distributed in class.

No loaner computers will be provided.

REGISTER NOW!

This Overview – The clinical course will involve case investigation procedures and a set of advanced open source and proprietary tools for the imaging, forensics review and reporting processes involving Windows® XP client platforms. The intensive course includes use of a set of procedures and software tools in order to properly: acquire, analyze, report and defend digitally stored case evidence on exclusively Windows XP systems.

In this intensive learning experience, attendees will receive vital information about the following topics:

  1. Forensic Examinations and Terms of Art - The module describes the procedures requisite to conduct an accurate and legally sufficient XP-platform forensic examination. Differing computer forensic protocols are described, including intrusive evidence recovery.
  2. Windows XP – Architecture - This module describes the software design and architecture of the XP platform and its’ variants. File structures, partitions, registry and directory attributes will be described.
  3. Seizure, Documenting and Reporting Digital evidence - This exercise reviews and analyzes the methods used to document and report the results of a forensic examination. Certain students will present their findings in a simulated exercise in order to reinforce their capabilities to create effective demonstrative presentations.
  4. Media Preparation Methods - Students are introduced to the prevailing instruments and technologies forensically prepare digital media. This is a critically important set of procedures when imaging a suspect’s digital media in order to be assured that no digital artifacts remain from prior investigations.
  5. Hardware Utilities - Forensic learners are introduced to four differing hardware devices, all of which are currently available to support computer forensic acquisitions. Certain difficulties are reviewed and the instructor will demonstrate these advanced tools.
  6. Specialized Examination Tools - This is an introduction to a variety software tools for use in a computer forensic examination. Learners are required to utilize advanced software and participate in a practical exercise in order to achieve a working understanding of these tools.
  7. Forensics Artifact Recovery - This is a both a discussion and hands-on lab where learners will conduct an advanced forensic examination of XP-based digital media. Some attention will be made to the PDA as a XP ancillary device. The focus of this lesson is to utilize tools for the recovery of digital artifacts which are unattainable by conventional methods.
  8. Cryptography & Password Recovery - This topic covers digital encryption file structures and password protected data that an investigator may encounter while conducting an investigation. Students are exposed to methods to compromise passwords which are used to protect potential evidence. This information is useful when trying to investigate a computer criminal that tries to hide data of forensics interest.
  9. Presentation of Digital Evidence - This is the final in-class exercise where student are faced with the challenge of presenting their findings in a liturgical setting. The students will present their findings in understandable terms, which is critical during a forensics investigation.
  10. Course Final Examination - This is a wrap-up practical and knowledge based instrument that is intended to assess the student mastery of the material presented.

Prospective students should bring to the class meetings a notebook running Windows XP professional version. You should have about 300-500 MB available in a separate partition. Two CDs containing tool sets and forensics images will be distributed in class.

Course Length: 2 days

Cost: US $1600 before January 15, 2003 or US $1800 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.

REGISTER NOW!

Trainer:

Larry Leibrock, Ph.D., is a member of the McCombs Business School – The University of Texas faculty and serves as the Associate Dean and Technology Officer for the McCombs Business School. He has held or currently holds clinical teaching and research appointments at McCombs Business School, Institute for Advanced Technology, The University of Texas Law School, Emory University, Helsinki School of Economics and Monterrey Technologica in Mexico City and Monterrey. He is a member of IEEE, ACM, Internet Society, FIRST and USENIX/SAGE. He is also a member of the Department of Defense Software Engineering Institute and a participant in the Air Force Software Technology Conference. He is the founder and CTO for eForensics LLC, a private technical services firm.

He has experience in enterprise systems support, offensive/defensive systems security measures, systems security audits, and IT deployment projects in both governmental and corporate settings.

In clinical practice, he has served as the project manager in over IT projects in several US and international sites. He holds professional certifications in IT project management, Windows“, UNIX“, systems performance, computer security and networking. He has authored papers in the topics of information systems attacks, encryption, public key infrastructures, privacy, systems survivability and systems forensics.

He has won several University teaching awards and has served as an expert in a range of legislative matters, judicial testimony, and legal disputes. Larry has served as a Special Master for a Texas Court in the areas of systems management, systems survivability, security and protection of systems mechanisms.

Larry has delivered expert digital evidence testimony at both civil and criminal trials. He has testified for the Presidential Commission for Protection of Critical Information Infrastructure and the Senate Science Committee. He recently presented forensics testimony at an invitational conference for the Executive Office of the President. He presently serves on the Texas Infrastructure Protection Advisory Committee formed by the Attorney General of Texas. He is also appointed to the Board of Directors - Texas Department of Information Resources. Larry is active in IT industry and government systems consulting projects in the areas of systems forensics, enterprise IT operations, security and incident investigations.

Black Hat Logo
(c) 1996-2007 Black Hat